Skip to content

CVE‐2024‐30172

David Hook edited this page May 11, 2024 · 2 revisions

Issue affecting: BC Java 1.77 and earlier. BC Java (LTS) 2.73.5 and earlier. BC C# .NET 2.3.0 and earlier.

Fixed versions: BC Java 1.78. BC Java (LTS) 2.73.6. BC C# .NET 2.3.1

Platform affected: All JVMs. All CLRs.

Crafted signature and public key can be used to trigger an infinite loop in the Ed25519 verification code.

Fix Commit:

Java https://github.com/bcgit/bc-java/commit/ebe1c75579170072dc59b8dee2b55ce31663178f

C# .NET https://github.com/bcgit/bc-csharp/commit/1e96ddd13bf69786c1b8a0a2f826059c26047a41